macOSLAPS
access-manager
macOSLAPS | access-manager | |
---|---|---|
27 | 22 | |
365 | 230 | |
- | 0.9% | |
0.0 | 4.2 | |
about 1 year ago | 9 months ago | |
Swift | C# | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macOSLAPS
-
Best practice for MacOS control + user experience in Intune. (Autopilot for Macs to Intune)
LAPS isn't natively supported but once again there's a third-party solution
- Simple App to help Mac Admins
-
Mac user password resets
As others have mentioned, a second account with admin privileges might be your best bet. If you're going to go that route, you may want to implement macoslaps along with that. Macoslaps randomizes the local admin password which comes in handy if you need to give the password to someone. It used to be only for Active Directory joined Macs but now can be used without an active directory (via MDM). Here's the link for more info: This goes on the clients - https://github.com/joshua-d-miller/macOSLAPS
-
Anyone know if macOSLAPS will work with the new Windows LAPS update Microsoft just announced?
We use MacOSLAPS on our Mac clients to randomize the admin password on those machines: https://github.com/joshua-d-miller/macOSLAPS
-
The Active Directory team has delivered LAPS natively to Windows 10 & 11, #WindowsServer 2019 & 2022 with this month’s Patch Tuesday!
And that implementation is why when I set this up at $oldJob I set the RemovePassChars key to all ambiguous characters I had run into on the Microsoft product.
-
First Post - a stupidly specific failure
I believe setting something like macOSLAPS up will also resolve the issue since the automatically created local account would authenticate and update it's password silently.
- is it possible to see what account made changes to the system?
-
Need advice for securing company laptops
There are a variety of alternatives, such as https://github.com/joshua-d-miller/macOSLAPS
- Create a standard account, no admin account
- Mac User accounts
access-manager
-
item level targeting
i use https://github.com/lithnet/access-manager as a pam. it gives you more control and insight into who is using admin access and that they only have it for a short period of time.
-
How to find out how many users have been given local admin rights on their machines?
That's where JIT credentials come into play for people that need to install their own software. You can fairly easily set up something like that with LAPS or Lithnet (or both, https://github.com/lithnet/access-manager). If you have that many endpoints that need that much admin access, then any sort of ransomware is going to mess things up real fast if it gets in, and you'll be spending a lot more than 30-40 hours just getting things back up and running.
-
Resetting Password permissions
or you could use https://github.com/lithnet/access-manager
- LAPS in small organization
- How does LAPS make things more secure?
- How do you manage users that need temp Admin access to company owned assets?
- Users needing local admin rights
-
Exporting LAP a good idea?
For example, Lithnet Access Manager is a relatively low-cost and open-source solution that can be rolled out in tandem with LAPS and then replace it if you need the extra features.
-
On premises MFA requirements conflicts with LAPS usage
Just in time Access, this is what I setup on our domain, I'm sure there are others but this is free and easy to setup. The Enterprise Edition is cheap as well. https://github.com/lithnet/access-manager
- PCI and LAPS
What are some alternatives?
LAPSforMac - Local Administrator Password Solution for Mac
passcore - A self-service password management tool for Active Directory
macOS-enterprise-privileges - For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
laps-web - A web site for managing access to local admin passwords managed by Microsoft LAPS
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
PPPC-Utility - Privacy Preferences Policy Control (PPPC) Utility
LAPS-WebUI - A nice and simple Web Interface for LAPS (Local Administrator Password Solution)
nudge - A tool for encouraging the installation of macOS security updates.
SharpLAPS - Retrieve LAPS password from LDAP
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
myADMonitor - myADMonitor is an open-source Active Directory changes tracking tool